chore(deps): bump the rust-dependencies group across 1 directory with 12 updates

[dependabot]

Bumps the rust-dependencies group with 12 updates in the / directory:

Package	From	To
clap	4.6.0	4.6.1
tokio	1.50.0	1.52.1
reqwest	0.13.2	0.13.3
axum	0.8.8	0.8.9
axum-extra	0.12.5	0.12.6
zxcvbn	3.1.0	3.1.1
rand	0.10.0	0.10.1
diesel	2.3.7	2.3.9
diesel_migrations	2.3.1	2.3.2
uuid	1.22.0	1.23.1
jiff	0.2.23	0.2.24
semver	1.0.27	1.0.28

Updates clap from 4.6.0 to 4.6.1

Release notes

Sourced from clap's releases.

v4.6.1

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Changelog

Sourced from clap's changelog.

[4.6.1] - 2026-04-15

Fixes

• (derive) Ensure rebuilds happen when an read env variable is changed

Commits

• 1420275 chore: Release
• d2c817d docs: Update changelog
• f88c94e Merge pull request #6341 from epage/sep
• acbb822 fix(complete): Reduce risk of conflict with actual subcommands
• a49fadb refactor(complete): Pull out subcommand separator
• ddc008b Merge pull request #6332 from epage/update
• 497dc50 chore: Update compatible dependencies
• dca2326 Merge pull request #6331 from clap-rs/renovate/j178-prek-action-2.x
• 54bdaa3 chore(deps): Update j178/prek-action action to v2
• f0d30d9 chore: Release
• Additional commits viewable in compare view

Updates tokio from 1.50.0 to 1.52.1

Release notes

Sourced from tokio's releases.

Tokio v1.52.1

1.52.1 (April 16th, 2026)

Fixed

• runtime: revert #7757 to fix [a regression]#8056 that causes spawn_blocking to hang (#8057)

#7757: tokio-rs/tokio#7757 #8056: tokio-rs/tokio#8056 #8057: tokio-rs/tokio#8057

Tokio v1.52.0

1.52.0 (April 14th, 2026)

Added

• io: AioSource::register_borrowed for I/O safety support (#7992)
• net: add try_io function to unix::pipe sender and receiver types (#8030)

Added (unstable)

• runtime: Builder::enable_eager_driver_handoff setting enable eager hand off of the I/O and time drivers before polling tasks (#8010)
• taskdump: add trace_with() for customized task dumps (#8025)
• taskdump: allow impl FnMut() in trace_with instead of just fn() (#8040)
• fs: support io_uring in AsyncRead for File (#7907)

Changed

• runtime: improve spawn_blocking scalability with sharded queue (#7757)
• runtime: use compare_exchange_weak() in worker queue (#8028)

Fixed

• runtime: overflow second half of tasks when local queue is filled instead of first half (#8029)

Documented

• docs: fix typo in oneshot::Sender::send docs (#8026)
• docs: hide #[tokio::main] attribute in the docs of sync::watch (#8035)
• net: add docs on ConnectionRefused errors with UDP sockets (#7870)

#7757: tokio-rs/tokio#7757 #7870: tokio-rs/tokio#7870 #7907: tokio-rs/tokio#7907 #7992: tokio-rs/tokio#7992 #8010: tokio-rs/tokio#8010 #8025: tokio-rs/tokio#8025 #8026: tokio-rs/tokio#8026 #8028: tokio-rs/tokio#8028 #8029: tokio-rs/tokio#8029

... (truncated)

Commits

• 905c146 chore: prepare to release v1.52.1 (#8059)
• 56aaa43 rt: revert #7757 to fix regression in spawn_blocking (#8057)
• 57ff47a ci: update trybuild to expect output from rustc 1.95.0 (#8058)
• 812de3e ci: bump taiki-e/cache-cargo-install-action from 1 to 3 (#8053)
• ba82e73 ci: use Dependabot to keep github actions up to date (#8052)
• 2e85f9d ci: replace cirrus-ci with freebsd-vm (#8041)
• a7e1cd8 ci: update GitHub Actions workflows to use latest tool versions (#8047)
• 5f7be0a chore: perpare 1.52.0 (#8045)
• 36d12d2 taskdump: allow impl FnMut() in taskdumps instead of just fn() (#8040)
• f943312 fs: support io-uring in AsyncRead for File (#7907)
• Additional commits viewable in compare view

Updates reqwest from 0.13.2 to 0.13.3

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

• Update docs.rs Features by @​JamesWiresmith in seanmonstar/reqwest#2961
• fix: fallback to hickory_resolver's default config if reading /etc/resolv.conf fails by @​monosans in seanmonstar/reqwest#2797
• fix: remove timeout con by @​cuiweixie in seanmonstar/reqwest#2967
• http3: handle stop_sending without error by @​anuraaga in seanmonstar/reqwest#2978
• resolve: debug log to change only host by @​lms0806 in seanmonstar/reqwest#2992
• Edit reference link by @​lms0806 in seanmonstar/reqwest#2996
• docs: more accurate about default HTTP2 window sizes by @​seanmonstar in seanmonstar/reqwest#3007
• [HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 by @​lyuzichong in seanmonstar/reqwest#3006
• Upgrade rustls-platform-verifier by @​jplatte in seanmonstar/reqwest#3010
• use wasm-bindgen ecosystem only for wasm32-unknown-* target by @​Ludea in seanmonstar/reqwest#3000
• fix rustls crl pem parsing by @​Threated in seanmonstar/reqwest#3013
• docs(retry): include ReqRep in docsrs by @​seanmonstar in seanmonstar/reqwest#3020

New Contributors

• @​JamesWiresmith made their first contribution in seanmonstar/reqwest#2961
• @​monosans made their first contribution in seanmonstar/reqwest#2797
• @​cuiweixie made their first contribution in seanmonstar/reqwest#2967
• @​anuraaga made their first contribution in seanmonstar/reqwest#2978
• @​lms0806 made their first contribution in seanmonstar/reqwest#2992
• @​lyuzichong made their first contribution in seanmonstar/reqwest#3006
• @​Ludea made their first contribution in seanmonstar/reqwest#3000

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

Changelog

Sourced from reqwest's changelog.

v0.13.3

• Fix CertificateRevocationList parsing of PEM values.
• Fix logging in resolver to only show host, not full URL.
• Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
• Fix HTTP/3 to handle STOP_SENDING as not an error.
• Fix HTTP/3 pool to remove timed out QUIC connections.
• Fix HTTP/3 connection establishment picking IPv4 and IPv6.
• Upgrade rustls-platform-verifier.
• (wasm) Only use wasm-bindgen on unknown-* targets.

Commits

• a9a88c4 v0.13.3
• f3f6d9d docs(retry): include ReqRep in docsrs (#3020)
• 5f9c231 fix rustls CRL PEM parsing (#3013)
• 11d835d use wasm-bindgen ecosystem only for wasm32-unknown-* target (#3000)
• 1f72916 Upgrade rustls-platform-verifier (#3010)
• 5d5bf35 [HTTP/3] Optimize IPv6 fallback and enforce HTTPS scheme #2911 (#3006)
• 93dc1b2 docs: more accurate about default HTTP2 window sizes (#3007)
• c5e50f0 docs: update outdated link in comments
• b25611f resolve: debug log to change only host (#2992)
• ca1f479 http3: handle stop_sending without error (#2978)
• Additional commits viewable in compare view

Updates axum from 0.8.8 to 0.8.9

Release notes

Sourced from axum's releases.

axum-v0.8.9

• added: WebSocketUpgrade::{requested_protocols, set_selected_protocol} for more flexible subprotocol selection (#3597)
• changed: Update minimum rust version to 1.80 (#3620)
• fixed: Set connect endpoint on correct field in MethodRouter (#3656)
• fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3597: tokio-rs/axum#3597 #3620: tokio-rs/axum#3620 #3656: tokio-rs/axum#3656 #3611: tokio-rs/axum#3611

Commits

• c59208c revert axum-core changelog changes
• 99068f5 Revert "Fix IntoResponse for tuples overriding error response codes (#3603)"
• 23d7098 Revert "axum-core 0.5.6"
• e8a39ad axum-macros 0.5.1
• 6e9a249 axum-extra 0.12.6
• 0ec9041 axum 0.8.9
• c3fcebb axum-core 0.5.6
• a8790fc update release notes
• 26ba7bb docs: consolidate state management docs in crate root (#3683)
• 9fc59ef Update to tokio-tungstenite 0.29 (#3689)
• Additional commits viewable in compare view

Updates axum-extra from 0.12.5 to 0.12.6

Release notes

Sourced from axum-extra's releases.

axum-extra-v0.12.6

• fixed: Escape backslashes and double quotes in Content-Disposition filenames to prevent header parameter injection in Attachment and FileStream (#3664)
• vpath! macro now stops the compilation if your path is using deprecated path variables in the old 107 format, such as :var and *var. the only allowed way now is {var}. (#3618)
• fixed: Return specific error message when multipart body limit is exceeded (#3611)

#3664: tokio-rs/axum#3664 #3618: tokio-rs/axum#3618 #3611: tokio-rs/axum#3611

Commits

• c59208c revert axum-core changelog changes
• 99068f5 Revert "Fix IntoResponse for tuples overriding error response codes (#3603)"
• 23d7098 Revert "axum-core 0.5.6"
• e8a39ad axum-macros 0.5.1
• 6e9a249 axum-extra 0.12.6
• 0ec9041 axum 0.8.9
• c3fcebb axum-core 0.5.6
• a8790fc update release notes
• 26ba7bb docs: consolidate state management docs in crate root (#3683)
• 9fc59ef Update to tokio-tungstenite 0.29 (#3689)
• Additional commits viewable in compare view

Updates zxcvbn from 3.1.0 to 3.1.1

Changelog

Sourced from zxcvbn's changelog.

Version 3.1.1

• Bump all dependencies
• Add Deserialize implementation to ser feature

Version 3.1.0

• Add Display to Feedback
• Add support for WASM targets running in a custom runtime

Version 3.0.1

• Fix a bug in 3.0.0 where the Score enum was private
• Fix a bug where some structs that were intended to implement Serialize when the ser feature was enabled did not implement it

Version 3.0.0

• [Breaking] Avoid the possibility for zxcvbn to error
• [Breaking] Refactor the score into an exhaustive enum
• [Breaking] Change feedback to return Option<&Feedback>
• Bump itertools dependency to 0.13

Version 2.2.2

• Fix a possible panic in spatial pattern checker (shssoichiro/zxcvbn-rs#70)
• Update several dependencies
• Fix several new clippy lints
• Officially specify minimum Rust version requirement
  • The version has not changed, but the requirement has now been added to Cargo.toml

Version 2.2.1

• Fixes for building on WASM targets

Version 2.2.0

• Fix an issue where a less specific feedback would be given when a more specific feedback was available. (shssoichiro/zxcvbn-rs#54)
• Migrate to Rust edition 2021
• Migrate from chrono crate to time crate
• Update fancy-regex to 0.8

Version 2.1.1

• Do not download and build wasm dependencies if not building for wasm

Version 2.1.0

• [Feature] Add support for wasm
• Deprecate the usage of builders (it will still work for now, but will be removed in the next major release)

... (truncated)

Commits

• e794323 Version 3.1.1
• 0bd01c1 fix: resolve test clippy lints
• 468ddc3 chore: fix tests that depended on the current year
• 75471f1 chore: update all dependencies
• 38410db Add Deserialize implementation to the ser feature.
• See full diff in compare view

Updates rand from 0.10.0 to 0.10.1

Changelog

Sourced from rand's changelog.

[0.10.1] — 2026-02-11

This release includes a fix for a soundness bug; see #1763.

Changes

• Document panic behavior of make_rng and add #[track_caller] (#1761)
• Deprecate feature log (#1763)

#1761: rust-random/rand#1761 #1763: rust-random/rand#1763

Commits

• 27ff4cb Prepare v0.10.1: deprecate feature log (#1763)
• 98d0638 make_rng: document panic and add #[track_caller] (#1761)
• 54e5eaa Fix doc error (#1758)
• 1ce4c08 Bump itoa from 1.0.17 to 1.0.18 in the all-deps group (#1756)
• ccb734b docs: fix typo in doc comment (#1754)
• 357eb7d Bump libc from 0.2.182 to 0.2.183 in the all-deps group (#1753)
• 5e77fe5 Fix trait references in documentation (#1752)
• da89185 Bump the all-deps group with 3 updates (#1751)
• 50516ff Bump the all-deps group with 2 updates (#1749)
• fd71de9 Bump the all-deps group with 2 updates (#1747)
• Additional commits viewable in compare view

Updates diesel from 2.3.7 to 2.3.9

Changelog

Sourced from diesel's changelog.

[2.3.9] 2026-04-30

• Removed a dbg! statement from the Mysql backend that caused unwanted output
• Fix a regression in #[derive(AsChangeset)] introduced in 2.3.8 where structs with a type or const generic parameter referenced in a field type failed to compile with error[E0425]: cannot find type 'T' in this scope. The diagnostic helper functions added to improve AsChangeset error messages now forward all generic parameters of the input struct, not only lifetimes.

[2.3.8] 2026-04-24

• Added support for libsqlite3-sys 0.37.0
• Raise a compile-time error when mixing aggregate and non-aggregate expressions in an ORDER BY clause without a GROUP BY clause
• Calling .count() or .select(aggregate_expr) on a query that already has a non-aggregate .order_by() clause now raises a compile-time error instead of generating invalid SQL that would be rejected by the database at runtime (fixes #3815)
• Added documentation for migration transaction behaviour at the crate root
• Improved compile time error messages for #[derive(AsChangeset)]
• Allow to use generic types in infix_operator!()
• Fixes for several instances of unsound, unspecified or otherwise dangerous behaviour:
  • Unsound string construction in SqliteValue::read_text/FromSql<Text, Sqlite> for String
  • Invalid alignment for over aligned data in SqliteConnection::register_function for aggregate functions
  • Potential memory leaks in SqliteConnection::register_function
  • Access to padding bytes while serializing Date/time types in the Mysql backend
  • SQL Option Injection in PostgreSQL COPY FROM/TO
  • Unspecified pointer cast in Debug/Display implementation of batch INSERT statements for SQLite
  • Invalid call order of SQLite API functions in SqliteValue::read_text/FromSql<Text, Sqlite> for String/SqliteValue::read_blob()/FromSql<Binary, Sqlite> for Vec<u8>
  • Potential unsound pointer access for FromSql<Binary, _> for Vec<u8> and FromSql<Text, _> for String for third party backends (requires changes to the third party backend as well)

Commits

• 2e7eb35 Also bump derives version
• b3a16a3 Merge pull request #5046 from apastrana6/ap/fix-derive-as-changeset
• 9f0a6c1 Prepare a 2.3.9 release
• adcc896 Enable some clippy lints to prevent having dbg in a release again
• 66760df Remove MySQL time serializer debug output
• 58820dc Merge pull request #5036 from weiznich/prepare_2.3.8
• 895b5ba Prepare a 2.3.8 release
• ea008d3 Fix several UB instances
• 64003c6 Merge pull request #5034 from ayarotsky/fix-reject-aggregate-select-with-non-...
• 49b936e Merge pull request #5012 from ayarotsky/fix-aggregate-expressions-and-order-by
• Additional commits viewable in compare view

Updates diesel_migrations from 2.3.1 to 2.3.2

Release notes

Sourced from diesel_migrations's releases.

Diesel 2.3.2

Fixed

• Fixed an incompatibility with libmariadb versions shipped by debian
• Fixed docs.rs builds
• Fixed applying patch file schema.rs file with formatting
• Allow to compare DatabaseErrorKind values

(Diesel 2.3.1 did not contain any changes beside the version bump to retrigger the docs.rs build)

Full Changelog: diesel-rs/diesel@v2.3.0...v2.3.2

You can support the development of Diesel by:

• Contributing Code, Documentation or Guides. Checkout the planing for Diesel 2.4 for open tasks.
• Providing knowledge and help to maintain the MySQL/MariaDB backend. This is currently the only in-tree backend that is not used by any maintainers, so having someone around that actually uses this backend would be very helpful for the Diesel project.
• Answering questions in our discussion forum
• Reporting bugs in our issue tracker
• Helping triaging issues in our issue tracker
• Sponsoring the maintainers.

Changelog

Sourced from diesel_migrations's changelog.

[2.3.2] 2025-09-19

Fixed

• Fixed an incompatibility with libmariadb versions shipped by debian
• Fixed docs.rs builds
• Fixed applying patch file schema.rs file with formatting
• Allow to compare DatabaseErrorKind values

Commits

• See full diff in compare view

Updates uuid from 1.22.0 to 1.23.1

Release notes

Sourced from uuid's releases.

v1.23.1

What's Changed

• Remove deprecated msrv feature from wasm-bindgen dependency by @​guybedford in uuid-rs/uuid#877
• fix: Timestamp::from_gregorian deprecation note by @​aznashwan in uuid-rs/uuid#878
• Prepare for 1.23.1 release by @​KodrAus in uuid-rs/uuid#879

New Contributors

• @​guybedford made their first contribution in uuid-rs/uuid#877
• @​aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1

v1.23.0

What's Changed

• feat: add support for 'hyphenated' format in the serde module by @​FrenchDilettante in uuid-rs/uuid#865
• Fix a number of bugs in time-related code by @​KodrAus in uuid-rs/uuid#872
• Reword invalid char error message by @​KodrAus in uuid-rs/uuid#873
• Impl cleanups by @​KodrAus in uuid-rs/uuid#874
• Use LazyLock to synchronize v1/v6 context initialization by @​KodrAus in uuid-rs/uuid#875
• Prepare for 1.23.0 release by @​KodrAus in uuid-rs/uuid#876

New Contributors

• @​FrenchDilettante made their first contribution in uuid-rs/uuid#865

Special thanks

@​meng-xu-cs raised a series of bugs against the timestamp logic in uuid using automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a better uuid library for everyone. Thanks!

Deprecations

This release includes the following deprecations:

• Context: Renamed to ContextV1
• Timestamp::from_gregorian: Renamed to Timestamp::from_gregorian_time

Change to Version::Max

Version::Max's u8 representation has changed from 0xff to 0x0f to match the value returned by Uuid::get_version_num.

Change to Uuid::get_version for the max UUID

Uuid::get_version will only return Some(Version::Max) if the UUID is actually the max UUID (all bytes are 0xff). Previously it would return Some if only the version field was 0x0f. This change matches the behaviour of the nil UUID, which only returns Some(Version::Nil) if the UUID is the nil UUID (all bytes are 0x00).

Full Changelog: uuid-rs/uuid@v1.22.0...v1.23.0

Commits

• ca0c85f Merge pull request #879 from uuid-rs/cargo/v1.23.1
• b4db015 prepare for 1.23.1 release
• 771069d Merge pull request #878 from aznashwan/fix-from-gregorian-deprecation-note
• 80994a2 fix: Timestamp::from_gregorian deprecation note
• 90c5be8 Merge pull request #877 from guybedford/remove-wasm-bindgen-msrv
• 8b8c4f4 Remove deprecated feature from wasm-bindgen dependency
• 00ab922 Merge pull request #876 from uuid-rs/cargo/v1.23.0
• 726ba45 prepare for 1.23.0 release
• 996dade Merge pull request #875 from uuid-rs/fix/context-ordering
• e140479 simplify a use stmt
• Additional commits viewable in compare view

Updates jiff from 0.2.23 to 0.2.24

Changelog

Sourced from jiff's changelog.

0.2.24 (2026-04-23)

This release primarily adds a new memory_usage routine for reporting heap allocation sizes for the TimeZone and Zoned types. This release also acknowledges and updates the timeline expectations for a Jiff 1.0 release in README.md.

Enhancements:

• #520: Add memory_usage to the TimeZone and Zoned types.
• #535: Improve comment in Span::checked_add example.

Bug fixes:

• #541: Update Jiff 1.0 timeline.

Commits

• 2cc55b2 0.2.24
• c6542f1 changelog: 0.2.24
• ec3c2ec api: add TimeZone::memory_usage and Zoned::memory_usage
• bc752b6 docs: improve comment in Span::checked_add example
• f6c8a55 readme: update 1.0 timeline
• 97314c1 docs: fix typo
• bad71d8 docs: typo
• See full diff in compare view

Updates semver from 1.0.27 to 1.0.28

Release notes

Sourced from semver's releases.

1.0.28

• Documentation improvements

Commits

• 7625c7a Release 1.0.28
• fd404d0 Merge pull request 351 from czy-29/master
• f75f26e The doc_auto_cfg and doc_cfg features have been merged
• 9e2bfa2 Enable serde on docs.rs and automatically add serde flag to the docs
• 8591f23 Unpin CI miri toolchain
• 66bdd2c Pin CI miri to nightly-2026-02-11
• 324ffce Switch from cargo bench to criterion
• 34133a5 Update actions/upload-artifact@v5 -> v6
• 7f935ff Update actions/upload-artifact@v4 -> v5
• c07fb91 Switch from test::black_box to std::hint::black_box
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.